The Church Security Risk Assessment Process is outlined in its simplest form as:

During the community development planning stage, review the project for potential security risks.

During the planning stage, write and issue the Security Risk Assessment for the project. During a project team meeting, review the risk assessment with the team. Communicate the security imperatives to the team to help them mitigate the most critical risks. Report the results of the risk assessment and related meeting to the Church IT Security Risk Liaison.

Work with the project manager to put the security imperatives into the project plan.

During the create or development stage of the project, communicate with the project team and perform testing to ensure the security imperatives are being met.

When the project creation phase is nearing completion, perform final testing and analysis of the project. Ensure the security imperatives have been met, and record any additional critical risks that need to be addressed before completion of the creation phase of the project.

Meet with the project team to share the results of the security testing. Ensure that confirmed vulnerabilities and unmet security imperatives are recorded and tracked as bugs. Report the results of the security testing to the Church IT Security Risk Liaison.

Work with the project manager and project team to assist with questions in how to resolve any remaining unmet security risk mitigation imperatives and critical security vulnerabilities. Report any concerns and final status to the Church IT Security Risk Liaison.

Security Risk Assessment Template

The Security Risk Assessment template is an outline for the CSE to perform a security risk assessment on community developed projects. This is typically done during the planning stage for a project.

Security Testing

Security testing is an important part of making sure that the security imperatives are met and critical vulnerabilities are resolved prior to putting the project into operation or production.